hola-server 1.0.10 → 2.0.1

package/router/delete.js

@@ -1,3 +1,8 @@
+/**
+ * @fileoverview Delete router initialization.
+ * @module router/delete
+ */
+
 const { required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
 const { NO_PARAMS, NO_RIGHTS } = require('../http/code');
@@ -8,46 +13,37 @@ const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
 /**
- * init http delete router
- * @param {express router} router 
- * @param {meta info} meta 
+ * Initialize HTTP delete router.
+ * @param {Object} router - Express router
+ * @param {Object} meta - Entity metadata
  */
-const init_delete_router = function (router, meta) {
+const init_delete_router = (router, meta) => {
     const entity = new Entity(meta);
 
-    router.post('/delete', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("d");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+    router.post('/delete', wrap_http(async (req, res) => {
+        const [role_mode] = get_user_role_right(req, meta);
+        if (!role_mode.includes("d")) {
+            return res.json({ code: NO_RIGHTS, err: "no rights" });
         }
 
         const params = required_post_params(req, ["ids"]);
-        if (params === null) {
-            res.json({ code: NO_PARAMS, err: ["ids"] });
-            return;
+        if (!params) {
+            return res.json({ code: NO_PARAMS, err: ["ids"] });
         }
 
-        const { ids } = params;
-        const id_array = ids.split(",");
+        const ids = params.ids.split(",");
 
-        for (let i = 0; i < id_array.length; i++) {
-            const id_query = oid_query(id_array[i]);
-            const owner = await is_owner(req, meta, entity, id_query);
-            if (!owner) {
-                res.json({ code: NO_RIGHTS, err: "no rights error" });
-                return;
+        for (const id of ids) {
+            if (!await is_owner(req, meta, entity, oid_query(id))) {
+                return res.json({ code: NO_RIGHTS, err: "no ownership rights" });
             }
         }
 
-        const { code, err } = await entity.delete_entity(id_array);
-        if (!has_value(code)) {
-            throw new Error("the delete_entity method should return code");
-        }
+        const { code, err } = await entity.delete_entity(ids);
+        if (!has_value(code)) throw new Error("delete_entity must return code");
 
-        res.json({ code: code, err: err });
+        res.json({ code, err });
     }));
-}
+};
 
-module.exports = { init_delete_router }
+module.exports = { init_delete_router };

package/router/read.js

@@ -1,177 +1,191 @@
+/**
+ * @fileoverview Read router initialization.
+ * @module router/read
+ */
+
 const { required_post_params, get_params } = require('../http/params');
 const { has_value } = require('../core/validate');
 const { NO_PARAMS, SUCCESS, NO_RIGHTS } = require('../http/code');
 const { get_user_role_right } = require('../core/role');
-const { get_session_userid, get_session_user_groups, is_owner } = require('../http/session');
+const { get_session_user_id, get_session_user_groups, is_owner } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { oid_query } = require('../db/db');
 const { Entity } = require('../db/entity');
 
-const contain_view = (array, view) => {
-    for (let i = 0; i < array.length; i++) {
-        if (view.includes(array[i])) {
-            return true;
+/**
+ * Check if any array element is contained in view string.
+ * @param {string[]} array - View array
+ * @param {string} view - Target view
+ * @returns {boolean}
+ */
+const contain_view = (array, view) => array.some(item => view.includes(item));
+
+/**
+ * Check read rights and return false with error response if unauthorized.
+ * @param {Object} req - Express request
+ * @param {Object} res - Express response
+ * @param {Object} meta - Entity metadata
+ * @returns {[boolean, string, string]} [hasRights, roleMode, roleView]
+ */
+const check_read_rights = (req, res, meta) => {
+    const [role_mode, role_view] = get_user_role_right(req, meta);
+    if (!role_mode.includes("r")) {
+        res.json({ code: NO_RIGHTS, err: "no rights" });
+        return [false, null, null];
+    }
+    return [true, role_mode, role_view];
+};
+
+/**
+ * Filter fields by role view.
+ * @param {Object} meta - Entity metadata
+ * @param {string} role_view - Role view string
+ * @returns {Object[]} Filtered client fields
+ */
+const filter_fields_by_view = (meta, role_view) => {
+    if (!role_view || role_view === "*") return meta.client_fields;
+
+    return meta.client_fields.filter(field => {
+        const view = field.view;
+        if (Array.isArray(view)) {
+            return contain_view(view, role_view) || view.includes("*");
         }
+        return role_view.includes(view) || view === "*";
+    });
+};
+
+/**
+ * Build permission flags from role mode.
+ * @param {string} role_mode - Role mode string
+ * @returns {Object} Permission flags
+ */
+const build_permissions = (role_mode) => ({
+    creatable: role_mode.includes("c"),
+    readable: role_mode.includes("r"),
+    updatable: role_mode.includes("u"),
+    deleteable: role_mode.includes("d"),
+    cloneable: role_mode.includes("o"),
+    importable: role_mode.includes("i"),
+    exportable: role_mode.includes("e"),
+    editable: role_mode.includes("c") || role_mode.includes("u")
+});
+
+/**
+ * Get user ID or group IDs based on user_field config.
+ * @param {Object} req - Express request
+ * @param {Object} meta - Entity metadata
+ * @returns {string|string[]} User ID or group IDs
+ */
+const get_user_filter = (req, meta) => {
+    const [user_field] = meta.fields.filter(f => f.name === meta.user_field);
+
+    if (user_field?.group) {
+        const user_ids = get_session_user_groups(req);
+        if (!user_ids) throw new Error("no user group found in session");
+        return user_ids;
     }
-    return false;
-}
+
+    const user_id = get_session_user_id(req);
+    if (!user_id) throw new Error("no user id found in session");
+    return user_id;
+};
 
 /**
- * init http read router
- * @param {express router} router 
- * @param {meta info} meta 
+ * Initialize HTTP read router.
+ * @param {Object} router - Express router
+ * @param {Object} meta - Entity metadata
  */
-const init_read_router = function (router, meta) {
+const init_read_router = (router, meta) => {
     const entity = new Entity(meta);
 
-    router.get('/meta', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.get('/meta', wrap_http(async (req, res) => {
+        const [ok, role_mode, role_view] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
-        const client_fields = role_view && role_view !== "*" ? meta.client_fields.filter(field => Array.isArray(field.view) ? contain_view(field.view, role_view) || field.view.includes("*") : role_view.includes(field.view) || field.view === "*") : meta.client_fields;
-        const entity_meta = {
-            creatable: role_mode.includes("c"),
-            readable: role_mode.includes("r"),
-            updatable: role_mode.includes("u"),
-            deleteable: role_mode.includes("d"),
-            cloneable: role_mode.includes("o"),
-            importable: role_mode.includes("i"),
-            exportable: role_mode.includes("e"),
-            editable: role_mode.includes("c") || role_mode.includes("u"),
-            fields: client_fields
-        }
-        res.json({ code: SUCCESS, data: entity_meta });
+        res.json({
+            code: SUCCESS,
+            data: {
+                ...build_permissions(role_mode),
+                fields: filter_fields_by_view(meta, role_view)
+            }
+        });
     }));
 
-    router.get('/mode', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.get('/mode', wrap_http(async (req, res) => {
+        const [ok, role_mode, role_view] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
         res.json({ code: SUCCESS, mode: role_mode, view: role_view });
     }));
 
-    router.get('/ref', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.get('/ref', wrap_http(async (req, res) => {
+        const [ok] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
         const { ref_by_entity, query } = get_params(req, ["ref_by_entity", "query"]);
         const list = await entity.get_filtered_ref_labels(ref_by_entity, query);
-        const items = list.map(obj => ({ "text": obj[meta.ref_label], "value": obj["_id"] + "" }));
+        const items = list.map(obj => ({ text: obj[meta.ref_label], value: String(obj._id) }));
         res.json({ code: SUCCESS, data: items });
     }));
 
-    router.post('/list', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.post('/list', wrap_http(async (req, res) => {
+        const [ok, , role_view] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
         const query_params = required_post_params(req, ["_query"]);
-        if (query_params === null) {
-            res.json({ code: NO_PARAMS, err: ["_query"] });
-            return;
+        if (!query_params) {
+            return res.json({ code: NO_PARAMS, err: ["_query"] });
         }
 
         const param_obj = req.body;
-
         if (meta.user_field) {
-            const [user_field] = meta.fields.filter(f => f.name == meta.user_field);
-            if (user_field && user_field.group == true) {
-                const user_ids = get_session_user_groups(req);
-                if (user_ids == null) {
-                    throw new Error("no user group is found in session");
-                }
-                param_obj[meta.user_field] = user_ids;
-            } else {
-                const user_id = get_session_userid(req);
-                if (user_id == null) {
-                    throw new Error("no user id is found in session");
-                }
-                param_obj[meta.user_field] = user_id;
-            }
+            param_obj[meta.user_field] = get_user_filter(req, meta);
         }
 
         const query = meta.list_query ? await meta.list_query(entity, param_obj, req) : null;
-        const { code, err, total, data } = await entity.list_entity(query_params["_query"], query, param_obj, role_view);
-        if (!has_value(code)) {
-            throw new Error("the list_entity method should return code");
-        }
+        const { code, err, total, data } = await entity.list_entity(query_params._query, query, param_obj, role_view);
+        if (!has_value(code)) throw new Error("list_entity must return code");
 
-        res.json({ code: code, err: err, total: total, data: data });
+        res.json({ code, err, total, data });
     }));
 
-    router.post('/read_entity', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.post('/read_entity', wrap_http(async (req, res) => {
+        const [ok, , role_view] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
-        let params = required_post_params(req, ["_id", "attr_names"]);
-        if (params === null) {
-            res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });
-            return;
+        const params = required_post_params(req, ["_id", "attr_names"]);
+        if (!params) {
+            return res.json({ code: NO_PARAMS, err: "[_id, attr_names] required" });
         }
 
-        const { _id, attr_names } = params;
-
-        const owner = await is_owner(req, meta, entity, oid_query(_id));
-        if (!owner) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+        if (!await is_owner(req, meta, entity, oid_query(params._id))) {
+            return res.json({ code: NO_RIGHTS, err: "no ownership rights" });
         }
 
-        const { code, err, data } = await entity.read_entity(_id, attr_names, role_view);
-        if (!has_value(code)) {
-            throw new Error("the method should return code");
-        }
-        res.json({ code: code, err: err, data: data });
+        const { code, err, data } = await entity.read_entity(params._id, params.attr_names, role_view);
+        if (!has_value(code)) throw new Error("read_entity must return code");
+
+        res.json({ code, err, data });
     }));
 
-    router.post('/read_property', wrap_http(async function (req, res) {
-        const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("r");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
-        }
+    router.post('/read_property', wrap_http(async (req, res) => {
+        const [ok, , role_view] = check_read_rights(req, res, meta);
+        if (!ok) return;
 
-        let params = required_post_params(req, ["_id", "attr_names"]);
-        if (params === null) {
-            res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });
-            return;
+        const params = required_post_params(req, ["_id", "attr_names"]);
+        if (!params) {
+            return res.json({ code: NO_PARAMS, err: "[_id, attr_names] required" });
         }
 
-        const { _id, attr_names } = params;
-
-        const owner = await is_owner(req, meta, entity, oid_query(_id));
-        if (!owner) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+        if (!await is_owner(req, meta, entity, oid_query(params._id))) {
+            return res.json({ code: NO_RIGHTS, err: "no ownership rights" });
         }
 
-        const { code, err, data } = await entity.read_property(_id, attr_names, role_view);
-        if (!has_value(code)) {
-            throw new Error("the method should return code");
-        }
-        res.json({ code: code, err: err, data: data });
+        const { code, err, data } = await entity.read_property(params._id, params.attr_names, role_view);
+        if (!has_value(code)) throw new Error("read_property must return code");
+
+        res.json({ code, err, data });
     }));
-}
+};
 
-module.exports = { init_read_router }
+module.exports = { init_read_router };

package/router/update.js

@@ -1,3 +1,8 @@
+/**
+ * @fileoverview Update router initialization.
+ * @module router/update
+ */
+
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
 const { required_post_params, post_update_params, post_params } = require('../http/params');
 const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
@@ -12,96 +17,73 @@ const multer = require('multer');
 const upload_file = multer({ dest: 'file_tmp/' });
 
 /**
- * init http update router
- * @param {express router} router 
- * @param {meta info} meta 
+ * Initialize HTTP update router.
+ * @param {Object} router - Express router
+ * @param {Object} meta - Entity metadata
  */
-const init_update_router = function (router, meta) {
+const init_update_router = (router, meta) => {
     const entity = new Entity(meta);
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
-    router.post('/update', cp_upload, wrap_http(async function (req, res) {
-        //which view to update the entity
-        let { _view } = post_params(req, ["_view"]);
-        if (!_view) {
-            _view = "*";
-        }
+    router.post('/update', cp_upload, wrap_http(async (req, res) => {
+        const _view = post_params(req, ["_view"])._view || "*";
 
-        const has_right = check_user_role(req, meta, "u", _view);
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+        if (!check_user_role(req, meta, "u", _view)) {
+            return res.json({ code: NO_RIGHTS, err: "no rights" });
         }
 
-        let params = required_post_params(req, ["_id"]);
-        if (params === null) {
-            params = required_post_params(req, meta.primary_keys);
-            if (params === null) {
-                res.json({ code: NO_PARAMS, err: '[_id] checking params are failed!' });
-                return;
-            }
+        let params = required_post_params(req, ["_id"]) || required_post_params(req, meta.primary_keys);
+        if (!params) {
+            return res.json({ code: NO_PARAMS, err: "[_id] required" });
         }
 
         const param_obj = post_update_params(req, meta.field_names);
         set_file_fields(meta, req, param_obj);
 
-        const query = params["_id"] ? oid_query(params["_id"]) : entity.primary_key_query(param_obj);
-        const owner = await is_owner(req, meta, entity, query);
-        if (!owner) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+        const query = params._id ? oid_query(params._id) : entity.primary_key_query(param_obj);
+        if (!await is_owner(req, meta, entity, query)) {
+            return res.json({ code: NO_RIGHTS, err: "no ownership rights" });
         }
 
-        const { code, err } = await entity.update_entity(params["_id"], param_obj, _view);
-        if (!has_value(code)) {
-            throw new Error("the method should return code");
-        }
+        const { code, err } = await entity.update_entity(params._id, param_obj, _view);
+        if (!has_value(code)) throw new Error("update_entity must return code");
 
-        if (code == SUCCESS) {
+        if (code === SUCCESS) {
             await save_file_fields_to_db(meta.collection, meta.file_fields, req, param_obj);
         }
 
-        res.json({ code: code, err: err });
+        res.json({ code, err });
     }));
 
-    router.post('/batch_update', cp_upload, wrap_http(async function (req, res) {
+    router.post('/batch_update', cp_upload, wrap_http(async (req, res) => {
         const [role_mode, role_view] = get_user_role_right(req, meta);
-        const has_right = role_mode.includes("u");
-        if (!has_right) {
-            res.json({ code: NO_RIGHTS, err: "no rights error" });
-            return;
+        if (!role_mode.includes("u")) {
+            return res.json({ code: NO_RIGHTS, err: "no rights" });
         }
 
-        let params = required_post_params(req, ["_ids"]);
-        if (params === null) {
-            res.json({ code: NO_PARAMS, err: '[_ids] checking params are failed!' });
-            return;
+        const params = required_post_params(req, ["_ids"]);
+        if (!params) {
+            return res.json({ code: NO_PARAMS, err: "[_ids] required" });
         }
 
         const param_obj = post_update_params(req, meta.field_names);
         set_file_fields(meta, req, param_obj);
 
-        const ids = params["_ids"];
-        for (let i = 0; i < ids.length; i++) {
-            const id_query = oid_query(ids[i]);
-            const owner = await is_owner(req, meta, entity, id_query);
-            if (!owner) {
-                res.json({ code: NO_RIGHTS, err: "no rights error" });
-                return;
+        for (const id of params._ids) {
+            if (!await is_owner(req, meta, entity, oid_query(id))) {
+                return res.json({ code: NO_RIGHTS, err: "no ownership rights" });
             }
         }
 
-        const { code, err } = await entity.batch_update_entity(ids, param_obj, role_view);
-        if (!has_value(code)) {
-            throw new Error("the batch_update_entity method should return code");
-        }
+        const { code, err } = await entity.batch_update_entity(params._ids, param_obj, role_view);
+        if (!has_value(code)) throw new Error("batch_update_entity must return code");
 
-        if (code == SUCCESS) {
+        if (code === SUCCESS) {
             await save_file_fields_to_db(meta.collection, meta.file_fields, req, param_obj);
         }
 
-        res.json({ code: code, err: err });
+        res.json({ code, err });
     }));
-}
+};
 
-module.exports = { init_update_router }
+module.exports = { init_update_router };

package/setting.js

@@ -1,5 +1,14 @@
+/**
+ * @fileoverview Application settings management.
+ * @module setting
+ */
+
 const dev_mode = true;
 
+/**
+ * Default application settings.
+ * @type {Object}
+ */
 let settings = {
     axios: {
         retry: 3,
@@ -16,7 +25,7 @@ let settings = {
     log: {
         col_log: 'log',
         log_level: 0,
-        save_db: dev_mode == false,
+        save_db: dev_mode === false,
     },
     roles: [
         { name: "admin", root: true },
@@ -29,7 +38,7 @@ let settings = {
         check_user: true,
         exclude_urls: ["/"],
         session: {
-            cookie_max_age: 1000 * 60 * 60 * 24 * 256 * 10,// ten years
+            cookie_max_age: 1000 * 60 * 60 * 24 * 256 * 10, // ten years
             secret: 'BGTDYWJ*)#*$&*%(%#'
         },
         threshold: {
@@ -40,12 +49,19 @@ let settings = {
     }
 };
 
+/**
+ * Initialize application settings with user-provided configuration.
+ * Replaces default settings completely.
+ * @param {Object} user_setting - User-provided settings object.
+ */
 const init_settings = (user_setting) => {
     settings = user_setting;
-}
+};
 
-const get_settings = () => {
-    return settings;
-}
+/**
+ * Get current application settings.
+ * @returns {Object} Current settings object.
+ */
+const get_settings = () => settings;
 
 module.exports = { init_settings, get_settings };